The Most Famous Advanced Persistent Threats in History

The disclosure sent shock waves across the security community because the SecurID product, widely regarded as a security best practice, had long been the product of choice for many Fortune 500 enterprises. Shortly after the RSA breach, several defense contractors, including Lockheed Martin, disclosed that they had experienced cyber attacks on their networks. At least one of these attacks was reported to have used spoofed passcodes from a cloned RSA SecurID token.

The consequences of this attack were potentially highly damaging for both RSA and the customers of its security authentication product. Fortunately, RSA acted quickly to contain the damage, immediately informing customers and advising them to take action to strengthen their SecurID implementations. EMC reported that it had spent at least $66 million on remediation. According to RSA executives, no customer networks were breached, although the breach eventually affected over 700 organizations and was estimated by a Gartner analyst to have cost the banking industry $50-100 million in replacement costs for new tokens.

Many of today’s most destructive advanced persistent threats (APTs) were conceived a decade ago, so enterprises that rely on most traditional approaches to cybersecurity are unlikely to succeed against the next generation of attacks. This is one of the cautions in a new book published by global IT association ISACA in cybersecurity awareness month.

While new tools are needed to combat ever changing security threats, it is helpful to examine the history of the APT, because it is possible to derive many important lessons for defending against them in the future. The earliest use of the term “advanced persistent threat” emerged from the U.S. government sector in 2005, describing a new, deceptive form of attack that targeted selected employees and tricked them into downloading a file or accessing a website infected with Trojan horse software. This slideshow summarizes known facts, anecdotal evidence and reported claims behind some of the most well known attacks experienced over the last 15 years.

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ... More >>